3.4 Cyber resilience is the key to safeguarding economic value Cyber resilience underpins an organization’s ability to minimize the impact of significant cyber incidents on its primary business goals and objectives.30 Survey data shows increasing confidence in organizational cyber resilience. While 64% of organization report having met their minimum cyber resilience requirements, regardless of regional or sectorial variation (as further detailed in Section 3.6), only 19% claimed that cyber resilience exceeds their requirements. This is, however, a double- digit increase compared to 2025, when only 9% reported exceeding resilience requirements. Year-over-year perception of cyber resilience FIGURE 24 0%20%40%60%80%100% Our cyber resilience is insufﬁcient Our cyber resilience meets minimum requirements Our cyber resilience exceeds our requirementsHow would you rate your organization’s cyber resilience? 202617%19% 64% 20259% 69% 22% 202413% 63% 24% Nevertheless, cyber resilience remains under pressure. In 2025, a wave of cyberattacks struck organizations at every level – for example, in the United Kingdom alone, prominent retailers such as Marks & Spencer, Harrods and Co-op all suffered major operational disruptions and data losses due to ransomware attacks.31 These incidents underscore that, despite expressing growing confidence in cyber resilience, organizations are still facing major operational and reputational impacts from adversaries that are adapting rapidly. Against this backdrop, the top three reported challenges to strengthening cyber resilience, according to survey data, include: the rapidly evolving threat landscape and emerging technologies (61%); third-party and supply chain vulnerabilities (46%); and cyber skills and expertise shortages (45%). 34 Global Cybersecurity Outlook 2026